nanog mailing list archives
Re: Netflix banning HE tunnels
From: Mark Andrews <marka () isc org>
Date: Tue, 21 Jun 2016 06:45:41 +1000
In message <E67D028D-2A66-453C-9D8B-0AC8FEA88131 () delong com>, Owen DeLong writes:
On Jun 17, 2016, at 10:10 , Mark Milhollan <mlm () pixelgate net> wrote: On Tue, 14 Jun 2016, Owen DeLong wrote:On Jun 14, 2016, at 11:57 , Ricky Beam <jfbeam () gmail com> wrote:I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6traffic.Those are by definition poorly designed CPE.This (open by default vs closed) has been discussed before, with plenty of people on either side. /markIâm unaware of anyone advocating open inbound by default residential CPE. Iâm not saying they donât exist, but I canât imagine how anyone could possibly defend that position rationally. Iâm pretty much in favor of open by default in most things, but for inbound traffic to residential CPE? Even I find that hard to rationalize. Owen
For a lot of homes it actually makes sense. You laptops are safe as they are designed to be connected directly to the Internet. We do this all the time. Similarly phone and tablets are designed to be directly connected to the Internet. I know that lots of us do this all the time. Think about what happens at conferences. There is no firewall there to save you but we all regularly connect our devices to the conference networks. Lots of other stuff is also designed to be directly connected to the Internet. Finding ways to successfully attack a machine from outside is actually hard and has been for many years now. There is lots of FUD being thrown around about IoT. Some machines will be compromised but as a class of devices there is no reason to assume that manufactures haven't learn from what happened to other Internet connected products. The thing you need from all manufactures is a commitment to release fixes (no necessarially feature upgrades) for the devices they ship for the real life the product and for users to upgrade the products. Software doesn't wear out. Bugs just get found and design flaws discovered. The existing warranty policies are designed around products that physically wear out. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka () isc org
Current thread:
- Re: Netflix banning HE tunnels, (continued)
- Re: Netflix banning HE tunnels Ricky Beam (Jun 14)
- Re: Netflix banning HE tunnels Valdis . Kletnieks (Jun 14)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 14)
- Re: Netflix banning HE tunnels Mark Milhollan (Jun 17)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 20)
- IPv6 Ingress traffic by default Jared Mauch (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Milhollan (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Andrews (Jun 20)
- Re: IPv6 Ingress traffic by default Owen DeLong (Jun 20)
- Re: IPv6 Ingress traffic by default Mark Andrews (Jun 20)
- Re: Netflix banning HE tunnels Mark Andrews (Jun 20)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 20)
- Re: Netflix banning HE tunnels Mark Andrews (Jun 20)
- Re: Netflix banning HE tunnels Jason Baugher (Jun 20)
- Re: Netflix banning HE tunnels Owen DeLong (Jun 20)
- Re: Netflix banning HE tunnels Donn Lasher via NANOG (Jun 20)
- Re: Netflix banning HE tunnels Harald Koch (Jun 20)
- Re: Netflix banning HE tunnels Ricky Beam (Jun 09)
- Re: Netflix banning HE tunnels Karl Auer (Jun 09)
- Re: Netflix banning HE tunnels Randy Bush (Jun 09)
- Re: Netflix banning HE tunnels Karl Auer (Jun 09)